CVE-2025-12061
HIGH
TAX SERVICE Electronic HDM <1.2.1 - SQL Injection
Title source: llmDescription
The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not perform authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements.
Scores
CVSS v3
8.6
EPSS
0.0004
EPSS Percentile
10.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Classification
CWE
CWE-862
CWE-352
Status
draft
Timeline
Published
Nov 26, 2025
Tracked Since
Feb 18, 2026